The «Zero Trust» model in cyberspace: 5 common scenarios for organizations

Ukraine is going through the most difficult period in its modern history, when the enemy threatens national security not only on the frontline, but also in the digital space. In a new article for the dev.ua portal, Dmytro Popinako, CEO of Innoware, explained the Zero Trust cybersecurity model and how it can help Ukrainian businesses protect their data from the endless cyberattacks of the russian aggressor.

In December 2024, Ukraine faced the largest cyberattack in recent times, which paralyzed the operation of state registries. This attack was one of 4315 cyber incidents handled by the State Service of Special Communications and Information Protection in 2024 – a 70% increase compared to 2023. Russian hackers, who claimed responsibility for the attack, stated that they had destroyed over 1 billion rows of data. However, less than two weeks after the attack, the state began restoring access to the registries. Exactly one month after the cyberattack, the Ministry of Justice of Ukraine announced the complete recovery of the databases.

It was reported that the attack might have involved phishing methods and even bribery of individuals who had access to these registers. The fact that the head of the State Enterprise National Information Systems was held accountable and dismissed from his position lends weight to these hypotheses.

These incidents have once again highlighted the weaknesses in security systems and the vulnerability of data that is critically important for the population, businesses, and government institutions. In the past, viruses such as Petya and NotPetya had already caused significant damage by destroying company data and leaving organizations without recovery options. Fortunately, the data of the registers affected by the December 2024 cyberattack was restored from backup copies. However, the war in cyberspace will continue in 2025 and probably beyond, if contradictions and antagonistic views on social systems and life itself persist.

The government proposes to strengthen cyber defense in the form of a “Pentagon for state registries”. The Ministry of Justice and other authorities have not yet released detailed information about which tools will be involved in creating the «Pentagon». However, the Zero Trust model for data protection should become part of this architecture. What does this mean and in what scenarios should your organization implement this approach?

Theory and Practice of Zero Trust

Zero Trust is a cybersecurity model based on the principle: “Never trust, always verify.” Instead of assuming that the corporate network is secure, the system automatically treats every attempt to access resources as a potential security breach and verifies it as if it came from an open network (for example, from the Internet, rather than the corporate network). Each access request undergoes full authentication, authorization, and encryption. How does this look in practice?

The core and fundamental principle of the Zero Trust model is user and device authentication. Every user and device must be verified each time before gaining access to data, especially if the request comes from an unfamiliar device. Think of your attempt to access Facebook or Instagram from a different phone or computer. To fulfill your request, the system will ask you to confirm whether you trust the device you are trying to access from and will ask you to enter a code or use another authorization method. Under the opposite approach, any user who knows the login and password can access the system without additional device verification. This situation is risky because an attacker who obtains those credentials can easily gain access to the device or data.

The next principle of Zero Trust is access minimization. Users are granted access only to the resources they need to complete their tasks. The opposite approach is unrestricted access, where users can use all resources without limitations, even if those resources are not needed for their work. For example, Microsoft 365 for Business, which includes an email and calendar system, cloud document storage, video conferencing and more, applies access minimization through file and folder access control. Administrators can configure access to specific files or directories only for those users or groups who need them to perform their work tasks. For instance, project managers can have access to specific documents and spreadsheets in OneDrive, but they cannot access financial reports.

Monitoring and auditing. In the Zero Trust model, all activities are recorded to track suspicious actions. Examples of the monitoring approach can be seen in systems such as Microsoft 365 or Google Cloud, where all user activity is recorded and tracked in real time. This allows administrators to see who accessed resources and when, as well as to track suspicious activity. If a user with standard access rights tries to access sensitive data or make an unusual system change, the system records this and automatically sends an alert. Without monitoring, user activities remain untracked, making it impossible to detect suspicious or unauthorized attempts.
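The three principles described above (per-request user and device verification, least-privilege authorization, and monitoring with alerts) can be combined into a single policy decision that every access request must pass. The following is an added example written for this article, not code from Innoware, Microsoft or any product mentioned here; the trusted-device list, the role-to-resource map, the sensitive-path prefixes and the request fields are constructed assumptions chosen to mirror the OneDrive example in the text.

```python
from dataclasses import dataclass

# Constructed sample data (assumptions for this example, not a real tenant's configuration).
TRUSTED_DEVICES = {"alice": {"laptop-0042"}, "bob": {"desktop-0117"}}
ROLE_RESOURCES = {
    "project_manager": {"onedrive:/projects/plan.xlsx", "onedrive:/projects/spec.docx"},
    "finance": {"onedrive:/finance/report-q4.xlsx"},
}
USER_ROLES = {"alice": {"project_manager"}, "bob": {"finance"}}
SENSITIVE_PREFIXES = ("onedrive:/finance/",)


@dataclass
class AccessRequest:
    user: str
    device_id: str
    resource: str
    mfa_passed: bool
    source_ip: str  # recorded for the audit trail; every request is treated as if it came from the open Internet


@dataclass
class Decision:
    allowed: bool
    reason: str
    alert: bool = False


# Append-only record of every decision, allowed or not (the "monitoring and auditing" principle).
AUDIT_LOG: list[dict] = []


def evaluate(req: AccessRequest) -> Decision:
    """Apply the Zero Trust checks to one request and record the outcome."""
    # 1. Authenticate user and device on every request, not once per session.
    if req.device_id not in TRUSTED_DEVICES.get(req.user, set()):
        decision = Decision(False, "untrusted device: enrolment and multi-factor verification required")
    elif not req.mfa_passed:
        decision = Decision(False, "multi-factor authentication not completed")
    else:
        # 2. Least privilege: the union of the user's role grants must contain the resource.
        granted = set().union(*(ROLE_RESOURCES.get(r, set()) for r in USER_ROLES.get(req.user, set())))
        if req.resource in granted:
            decision = Decision(True, "authenticated and authorized by role")
        else:
            decision = Decision(False, "resource is outside the user's least-privilege set")

    # 3. Monitoring: a denied attempt on sensitive data is not just logged but flagged for an administrator.
    if not decision.allowed and req.resource.startswith(SENSITIVE_PREFIXES):
        decision.alert = True

    AUDIT_LOG.append({
        "user": req.user, "device": req.device_id, "source_ip": req.source_ip,
        "resource": req.resource, "allowed": decision.allowed,
        "reason": decision.reason, "alert": decision.alert,
    })
    return decision


def alerts() -> list[dict]:
    """Return the audit entries that should be shown to an administrator."""
    return [entry for entry in AUDIT_LOG if entry["alert"]]


if __name__ == "__main__":
    # Constructed requests: a normal project-manager access and a standard user reaching for a financial report.
    print(evaluate(AccessRequest("alice", "laptop-0042", "onedrive:/projects/plan.xlsx", True, "203.0.113.5")))
    print(evaluate(AccessRequest("alice", "laptop-0042", "onedrive:/finance/report-q4.xlsx", True, "203.0.113.5")))
    print(alerts())
```

Note that the device check runs before the role check: a correct password on an unenrolled device is refused outright, which is what the text means by treating every request as if it came from an open network.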

Data backup. Backups should be made automatically to the cloud or another secure environment. In all well-known data sharing and storage systems from large corporations like Microsoft or Google, every change in files or data is automatically recorded, and saved versions of the data can be restored if necessary. This ensures that even in the case of an error or malicious intervention, the latest version of the data can be recovered from the backup. Moreover, data is stored in geographically distributed data centers, which increases its availability and security, even in the event of natural disasters. However, there are systems that allow data to be deleted without a trace and without the possibility of recovery, creating risks of abuse and loss of information, such as the russian accounting system 1C and its clone BAS. Additionally, international institutions, companies, and banks expect that all actions, particularly in accounting systems, will have an audit trail. The opportunities to find funding or partners in developed countries while using systems that allow data distortion (deletion without a trace) are significantly lower and will continue to decrease.
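The contrast the paragraph draws, between a system where every change is kept and restorable and one where data can be deleted without a trace, comes down to two design decisions: deletion writes a tombstone rather than erasing history, and every action lands in an append-only audit trail that cannot be edited afterwards without detection. The class below is an added example for this article, not code from any of the products named; the record keys, actors and the use of a SHA-256 hash chain to make the trail tamper-evident are assumptions for illustration.

```python
import hashlib
import json


class VersionedStore:
    """Keeps every version of every record and a hash-chained, append-only audit trail.

    delete() only appends a tombstone, so earlier versions remain restorable, and
    each audit entry commits to the hash of the previous one, so editing or removing
    an entry later breaks the chain.
    """

    GENESIS = "0" * 64  # hash that the first audit entry chains to

    def __init__(self) -> None:
        self._versions: dict[str, list] = {}   # key -> list of versions; None marks a deletion
        self.audit: list[dict] = []

    def _log(self, action: str, key: str, actor: str) -> None:
        prev_hash = self.audit[-1]["hash"] if self.audit else self.GENESIS
        entry = {"seq": len(self.audit), "action": action, "key": key, "actor": actor, "prev": prev_hash}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def put(self, key: str, value, actor: str) -> None:
        self._versions.setdefault(key, []).append(value)
        self._log("put", key, actor)

    def delete(self, key: str, actor: str) -> None:
        # A tombstone, not erasure: the history of the record is untouched.
        self._versions.setdefault(key, []).append(None)
        self._log("delete", key, actor)

    def get(self, key: str):
        versions = self._versions.get(key, [])
        return versions[-1] if versions else None

    def history(self, key: str) -> list:
        return list(self._versions.get(key, []))

    def restore(self, key: str, version_index: int, actor: str):
        """Bring back an earlier version as the current one (the 'restore from backup' step)."""
        value = self._versions[key][version_index]
        if value is None:
            raise ValueError("cannot restore a tombstone")
        self._versions[key].append(value)
        self._log(f"restore:{version_index}", key, actor)
        return value

    def verify_audit(self) -> bool:
        """Recompute the chain; False means an entry was altered, removed or reordered."""
        prev = self.GENESIS
        for expected_seq, entry in enumerate(self.audit):
            body = {k: v for k, v in entry.items() if k != "hash"}
            recomputed = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if entry["seq"] != expected_seq or entry["prev"] != prev or recomputed != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


if __name__ == "__main__":
    # Constructed scenario: an invoice is edited, deleted, and then restored from its history.
    store = VersionedStore()
    store.put("invoice:1001", {"amount": 1200}, actor="accountant")
    store.put("invoice:1001", {"amount": 1250}, actor="accountant")
    store.delete("invoice:1001", actor="accountant")
    print(store.get("invoice:1001"))              # None: the record is currently deleted
    print(store.restore("invoice:1001", 1, actor="admin"))
    print(store.verify_audit())                   # True: the trail is intact
```

The point to take from the example is that recovery after the December 2024 attack was possible because the registries had retained history; a store that performs real deletion has nothing to restore, and a log that can be rewritten cannot answer who deleted what.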

Encryption is also part of the Zero Trust model. All traffic is encrypted to make it impossible to intercept. For example, Apple uses encryption across all its services. iCloud encrypts your files as they are transferred to and from the cloud, as well as when they are stored. iMessage and FaceTime use end-to-end encryption, meaning that no one except you and the recipient can access the content, not even Apple itself. In systems with open traffic, all information flows are transmitted in an unencrypted form, making it vulnerable to interception. This is very dangerous, especially in the context of global cyberwar.

If we compare different providers, in 2023 Microsoft was recognized as one of the top three leaders in Zero Trust-based platforms, alongside Palo Alto Networks and Check Point Software, according to the Forrester Wave. According to a recent interview with Microsoft’s Country Manager for Ukraine and the Baltics, the company has 34000 cybersecurity specialists globally!

Common scenarios where the Zero Trust model becomes crucial

For any business, regardless of its size, it is critical to ensure that the Zero Trust approach is applied in everyday scenarios. By strengthening your system’s security in the most common scenarios, you can significantly reduce the risk of an attacker interfering with your system.

  1. Employee access to corporate resources: the Zero Trust model requires that even employees working inside the company undergo multi-factor authentication before accessing data. This reduces the risk of compromise through stolen credentials, such as login and password.

  2. Access to Internet resources from corporate devices: with Zero Trust, the system prevents corporate devices from being used for risky activities, such as accessing compromised sites.

  3. Contractor access to resources: for contractors or other third-party users, the Zero Trust approach ensures that they have access only to the data necessary to perform their job.

  4. Server-to-server interaction: the Zero Trust model enables network segmentation, ensuring that servers can access only the other servers necessary for their operation, making it impossible for attacks to spread within the infrastructure.

  5. Collaboration with business partners: Zero Trust ensures secure access to the necessary resources for business partners without the risk of compromising the organization’s infrastructure.
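Scenario 4 (server-to-server interaction) is the one most easily expressed as policy: each server belongs to a segment, and only explicitly listed segment-to-segment connections on specific ports are permitted, with everything else denied and logged. The following added example, written for this article and not taken from any product or vendor, evaluates a constructed flow log against such an allowlist and reports the connections that a segmented network would have blocked. The segment address ranges, the allowed pairs and the log line format are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed segment map and default-deny allowlist (assumptions for this example).
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
    "backup": ipaddress.ip_network("10.0.4.0/24"),
}
# (source segment, destination segment, destination port): only what each tier needs to function.
ALLOWED_FLOWS = {
    ("web", "app", 8443),     # web front end calls the application tier
    ("app", "db", 5432),      # application tier queries the database
    ("db", "backup", 22),     # database pushes backups over SSH
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def segment_of(ip: str) -> str:
    """Map an address to its segment; anything outside the known ranges is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, network in SEGMENTS.items():
        if addr in network:
            return name
    return "unknown"


def is_allowed(flow: Flow) -> bool:
    """Default deny: a flow passes only if its segment pair and port are on the allowlist."""
    return (segment_of(flow.src), segment_of(flow.dst), flow.port) in ALLOWED_FLOWS


def parse_flow_log(lines: list[str]) -> list[Flow]:
    """Parse constructed 'src=... dst=... port=...' lines; malformed lines are skipped."""
    flows = []
    for line in lines:
        fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
        try:
            flows.append(Flow(fields["src"], fields["dst"], int(fields["port"])))
        except (KeyError, ValueError):
            continue
    return flows


def denied_flows(lines: list[str]) -> list[tuple[Flow, str]]:
    """Return each blocked flow together with the segment pair it tried to cross."""
    result = []
    for flow in parse_flow_log(lines):
        if not is_allowed(flow):
            result.append((flow, f"{segment_of(flow.src)}->{segment_of(flow.dst)}:{flow.port}"))
    return result


# Constructed sample flow log: two legitimate tier-to-tier connections and three that segmentation blocks.
SAMPLE_LOG = [
    "src=10.0.1.5 dst=10.0.2.7 port=8443",    # web -> app, allowed
    "src=10.0.2.7 dst=10.0.3.9 port=5432",    # app -> db, allowed
    "src=10.0.1.5 dst=10.0.3.9 port=5432",    # web tier reaching the database directly: denied
    "src=10.0.3.9 dst=10.0.1.5 port=22",      # database opening SSH back to the web tier: denied
    "src=192.0.2.44 dst=10.0.2.7 port=8443",  # source outside every segment: denied
]

if __name__ == "__main__":
    for flow, path in denied_flows(SAMPLE_LOG):
        print(f"DENY {path} from {flow.src}")
```

Each denied line is exactly the kind of event the monitoring principle says should be recorded: a server talking to a tier it has no business with is how an attacker who has compromised one host tries to move on to the next, and a default-deny allowlist turns that attempt into a logged failure instead of a foothold.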

In the Ukrainian context, considering the threat of cyberattacks and the associated risks, Zero Trust integration can protect business data and ensure operational continuity.

Original article (in Ukrainian): Модель «нульової довіри» в кіберпросторі: 5 типових сценаріїв для організацій

Innoware

IT Consulting Company


INNOWARE USA
501 Silverside Rd, Ste 105, # 4995,
Wilmington, Delaware, 19809-1376,
United States
Tel.: +1(302)4672024
E-mail: info@innoware.com

INNOWARE UKRAINE
3, Sholudenka Str., office 204 (Cubic BC)
Kyiv, Ukraine, 04116
Tel.: +380(44)4902220
E-mail: info@innoware.com

Follow us on
LinkedIn
Clutch